**Major Data Collection Practices Revealed by Leading Digital Publishers**
A recent disclosure highlights how over 1,000 companies—including 242 participating in the IAB Transparency & Consent Framework (TCF)—collect and process user data across websites and apps. These entities store and access device information (such as cookies) and leverage precise geolocation data, IP addresses, browsing history, and search activity for purposes like analytics, personalized advertising, content measurement, and audience research.
The data collection spans multiple platforms, including Yahoo, AOL, Engadget, In The Know, and Makers, and tracks metrics like visitor counts, device types (iOS/Android), browser usage, and session duration. While aggregated and not tied to individual users, the practice raises transparency concerns, particularly given the scale of third-party involvement.
Users retain the ability to withdraw consent or adjust preferences via "Privacy & Cookie Settings" or "Privacy Dashboard" links on these platforms. However, the disclosure underscores the extensive reach of data-sharing networks in digital advertising and content delivery, with implications for user privacy and regulatory compliance. The incident reflects broader industry trends in cross-site tracking and targeted advertising, where consent frameworks play a central role in managing data access.
Source: https://finance.yahoo.com/news/south-korea-online-retailer-coupang-184404024.html
Intesa Sanpaolo cybersecurity rating report: https://www.rankiteo.com/company/intesa-sanpaolo
Yahoo cybersecurity rating report: https://www.rankiteo.com/company/yahoo
IAB cybersecurity rating report: https://www.rankiteo.com/company/iab
"id": "INTYAHIAB1766434075",
"linkid": "intesa-sanpaolo, yahoo, iab",
"type": "Breach",
"date": "12/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'industry': 'Technology, Media',
'name': 'Yahoo',
'type': 'Company'},
{'industry': 'Technology, Media',
'name': 'AOL',
'type': 'Company'},
{'industry': 'Technology, Media',
'name': 'Engadget',
'type': 'Company'},
{'industry': 'Media',
'name': 'In The Know',
'type': 'Company'},
{'industry': 'Media',
'name': 'Makers',
'type': 'Company'},
{'customers_affected': '242 members',
'industry': 'Various',
'name': 'IAB Transparency & Consent Framework Members',
'type': 'Multiple Entities'}],
'attack_vector': 'Legitimate Use of Cookies and Tracking Technologies',
'customer_advisories': 'Users can withdraw consent or change choices via '
"'Privacy & Cookie Settings' or 'Privacy Dashboard' "
'links.',
'data_breach': {'personally_identifiable_information': 'Yes (IP address, '
'browsing and search '
'data, geolocation)',
'sensitivity_of_data': 'High (personal data including precise '
'geolocation and browsing history)',
'type_of_data_compromised': 'Device information, geolocation '
'data, IP addresses, browsing and '
'search data'},
'description': 'A cyber incident involving the storage and/or access of '
'information on devices (cookies), use of precise geolocation '
'data, IP addresses, browsing and search data for analytics, '
'personalized advertising, content measurement, and audience '
'research. Data collected includes visitor counts, device '
'types, browsers, and visit duration, aggregated and not tied '
'to specific users. The incident affects multiple entities, '
'including those part of the IAB Transparency & Consent '
'Framework.',
'impact': {'data_compromised': 'Device information, geolocation data, IP '
'addresses, browsing and search data',
'identity_theft_risk': 'Potential risk due to collection of '
'personal data',
'systems_affected': 'Websites and apps owned and operated by '
'Yahoo, AOL, Engadget, In The Know, Makers'},
'motivation': 'Analytics, Personalized Advertising, Content Measurement, '
'Audience Research',
'recommendations': 'Users should review and manage their consent settings via '
"'Privacy & Cookie Settings' or 'Privacy Dashboard' links. "
'Companies should ensure transparent data collection '
'practices and provide clear opt-out mechanisms.',
'references': [{'source': 'Company Privacy Policy'}],
'response': {'communication_strategy': 'Privacy & Cookie Settings and Privacy '
'Dashboard links provided for user '
'consent management'},
'type': 'Data Collection and Tracking'}